Newbie question on honeynets

I am currently interning at a rather large company in their computer security department and the task they gave me is to set up a honeynet. We have a switched network, so my question is: Do I have to deploy a honeynet for each switch to monitor the whole network or will one work? Thanks for any help you can provide.

My question is: would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network, or will one on one end of the switch be sufficient?

Setting up a honeypot and not knowing how it works can really backfire on you... Suppose your honeypot gets cracked.. That's why it's there in the first place.. Then suppose "they" start using your honeypot to attack the rest of your network..

I agree with DjM.. You need one or more IDSes, not honeypots. They're definitely not the same..

Oliver's Law:
Experience is something you don't get until just after you need it.

Yes, but his superiors don't know sh*t about what they're asking and setting one up on your network can really, really, really backfire...

My question is: would I be substantially more successful at detecting any kind of malware or intrusion by setting up honeynets on different parts of the network, or will one on one end of the switch be sufficient?

So, reading between the lines, they (his superiors) want to detect intrusions and/or malware. Perfect job for an IDS.

Yeah, I do agree with you that a honeypot is not the best solution, but since he is just doing an internship, I'd say they are just getting him to set up a honeypot as an exercise and would severely doubt that they would allow an intern to set up a honeypot that would actually be deployed on a live network.

Perhaps it is just an exercise to allow him to demonstrate his ability.

Being realistic, and no offence to the original poster, what sort of company would allow an intern (no matter how good) to set up a live honeypot??